SlideShare a Scribd company logo

PhishingandPharming

D
Dawn Hicks
1 of 8
Download to read offline
Helping Consumers Avoid Internet Fraud PHISHING & PHARMING http://www.bankonline.com/checking http://www.bankonline.com/checking http://www.bankonline.com/checking Federal Reserve Bank of Boston
Gone are the days when we had to step outside to purchase our groceries, book flights and vacations, rent or purchase cars, or just transfer money between bank accounts. Today, we can simply grab our checkbooks, debit cards or credit cards, sit down at a computer in the comfort and safety of our home, and complete these transactions with passwords and PIN numbers. Thanks to advances in technology, the types of transactions we can now complete online are virtually endless. Unfortunately, the increase in online transactions has been accompanied by an increase in online identity theft. Fraudulent access to personal information over the Internet is increasingly prevalent and sophisticated. Two forms of identity theft are at the forefront of this Internet piracy: PHISHING and PHARMING. http://www.bankonline.comgo
Alice Jackson34 Rosemary St.Jamaica Plain, MA 02130 The United States of America 1 11 1Federal Reserve Note 50 50 50 50 Bank Card Debit Card Notes Credit Card Dollars Pay to the Order of: Identity theft is a federal crime. It occurs when one person’s identification (which can include name, social security number, bank account number, or any other account number) is used or transferred by another person for unlawful activities. PHISHING is a form of online identity theft that lures consumers into divulging their personal financial information to fraudulent web sites, also known as spoofed web sites. For example, the phisher sends an email message to an unsuspecting victim instructing him to click on the link to a bank’s web site (provided in the email) to confirm his account information. Unbeknownst to the consumer, the web site is a convincing fake or copy of the authentic web site. The unsuspecting customer takes the bait and provides the information, thereby enabling the phisher to steal his personal THE CRIME
http://www.bankonline.com/checking financial information. The phisher can then use this information to clean out the victim’s bank accounts or commit other forms of identity theft. PHARMING is similar to phishing but more sophisticated. Pharmers also send emails. The consumer, however, can be duped by the pharmer without even opening an email attachment. The consumer compromises his personal financial information simply by opening the email message. The pharming email message contains a virus (or Trojan horse) that installs a small software program on the user’s computer. Subsequently, when the consumer tries to visit an official web site, the pharmer’s software program redirects the browser to the pharmer’s fake version of the web site. In this way, the pharmer is able to capture the personal financial information
THE SOLUTION that the consumer enters into the counterfeit web site, and the consumer’s account is again compromised. The latest form of pharming does not require email at all. Password- stealing Trojan horses can attack through Microsoft Messenger® where keyloggers are run. Keyloggers are viruses that track a user’s keystrokes on legitimate sites and steal passwords, allowing a thief to have access to a consumer’s password for future fraudulent transactions. Consumer awareness is the key to avoid falling prey to phishers and pharmers. Ask representatives of your financial institution if they have implemented any special software to thwart off these identity thieves. Inquire as to whether your home PC software provider http://www.bankonline.com/checking
offers any updated anti-phishing programs. In addition, the Anti- Phishing Working Group (an association focused on eliminating the fraud and identity theft that result from phishing, pharming, and email spoofing) offers the following suggestions to avoid falling victim to an Internet scheme: • Be suspicious of any email with urgent requests for personal financial information. • Do not use the links in an email to get to any web page. • Avoid completing forms in email messages that ask for personal financial information. • Be sure to use a secure web site when submitting credit card or other sensitive information via the web browser. • Consider installing a web browser tool bar for protection from known phishing fraud web sites. http://www.bankonline.com/checking
• Regularly log on to online accounts. • Regularly check bank, credit card, and debit card statements to ensure all transactions are legitimate. • Make sure your browser is up to date and security patches are applied. Be vigilant about protecting yourself from these newer forms of identity theft. When turning on your home com- puter to complete seemingly simple transactions, keep your eyes and ears open to avoid financial and emotional distress. If you have received a spoofed email message or believe that you have been a victim of phishing or pharming, there are steps you can take to help shut down the phisher, pharmer, or spoofer: • Forward the email to the Federal Trade Commission at spam@uce.gov • Forward the email to the “abuse” email address at the company that is being spoofed (e.g. spoof@ebay.com ) • Notify the Internet Fraud Complaint Center (IFCC) of the FBI by filing a complaint on the IFCC’s web site: www.ifccfbi.gov When forwarding email, always include the entire original email. For more information, including a brochure on Identity Theft, see http://www.bos.frb.org/consumer. An article on Phishing and Pharming appears at http://www.bos.frb. org/commdev/c&b/2005/fall/phishpharm.pdf.
Sources US Netizen (2005), “A New Security Threat – Pharming,” http://www.usnetizen.com/articles/pharming.html Jane Larson, “ ‘Pharmers’ hit online bank users with fraud scam,” The Arizona Republic, April 26, 2005. For more information, visit www.antiphishing.org/consumer_recs.html Written by Dawn Hicks. Illustrations by Nina Frenkel.

Recommended

Phishing, Pharming, Clickjacking
Phishing, Pharming, ClickjackingPhishing, Pharming, Clickjacking
Phishing, Pharming, ClickjackingAshley_Coy
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and PhishingMason Bird
 
Phishing
PhishingPhishing
PhishingSyahida
 
Phishing
PhishingPhishing
Phishingoitaoming
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack Shubh Thakkar
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 

Recommended

Phishing, Pharming, Clickjacking
Phishing, Pharming, ClickjackingPhishing, Pharming, Clickjacking
Phishing, Pharming, ClickjackingAshley_Coy
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and PhishingMason Bird
 
Phishing
PhishingPhishing
PhishingSyahida
 
Phishing
PhishingPhishing
Phishingoitaoming
 
PHISHING attack
PHISHING attack PHISHING attack
PHISHING attack Shubh Thakkar
 
PHISHING PROJECT REPORT
PHISHING PROJECT REPORTPHISHING PROJECT REPORT
PHISHING PROJECT REPORTvineetkathan
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystemamiable_indian
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishingRaviteja Chowdary Adusumalli
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till nowelakkiya poongunran
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyharpinderkaur123
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Phishing
PhishingPhishing
PhishingKiran Patil
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gchiewmingli
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Phishing
PhishingPhishing
PhishingSyeda Javeria
 
Phishing
PhishingPhishing
PhishingAjit Yadav
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
Anti phishing
Anti phishingAnti phishing
Anti phishingShethwala Ridhvesh
 
Phishing
PhishingPhishing
PhishingJayaseelan Vejayon
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-UpdatedJayaseelan Vejayon
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing & Pharming
Phishing & PharmingPhishing & Pharming
Phishing & PharmingDevendra Yadav
 
Pharming attack
Pharming attackPharming attack
Pharming attackAkshay Surve
 

More Related Content

What's hot

The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystemamiable_indian
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gtemi
 

What's hot (20)

The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystem
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
 
Phishing
PhishingPhishing
Phishing
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Phishing attack till now
Phishing attack till nowPhishing attack till now
Phishing attack till now
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
 
Phishing
PhishingPhishing
Phishing
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Phishing
PhishingPhishing
Phishing
 
Phishing
PhishingPhishing
Phishing
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Phishing
PhishingPhishing
Phishing
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 

Viewers also liked

Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2AfiqEfendy Zaen
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Digital signature
Digital signatureDigital signature
Digital signatureAJAL A J
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniquesMohd Arif
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signaturesRohit Bhat
 

Viewers also liked (8)

Phishing & Pharming
Phishing & PharmingPhishing & Pharming
Phishing & Pharming
 
Pharming attack
Pharming attackPharming attack
Pharming attack
 
Caesar cipher
Caesar cipherCaesar cipher
Caesar cipher
 
Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2Basic Encryption Decryption Chapter 2
Basic Encryption Decryption Chapter 2
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Cipher techniques
Cipher techniquesCipher techniques
Cipher techniques
 
Introduction to Digital signatures
Introduction to Digital signaturesIntroduction to Digital signatures
Introduction to Digital signatures
 

Similar to PhishingandPharming

IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUBilly Warero
 
Is this a scam.pdf
Is this a scam.pdfIs this a scam.pdf
Is this a scam.pdfAvaAmelia
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internetmohmd-kutbi
 
Id Theft
Id TheftId Theft
Id Theftmojo_5
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
3 pervasive phishing scams
3 pervasive phishing scams3 pervasive phishing scams
3 pervasive phishing scamsSafeSpaceOnline
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfEvs, Lahore
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Thefthewie
 
Phish Phry- Analysis paper
Phish Phry- Analysis paper Phish Phry- Analysis paper
Phish Phry- Analysis paper Joydeep Banerjee
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology- Mark - Fullbright
 
Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp. Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp. mariotoronto
 
Cyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalCyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalSiphiwe Msibi
 

Similar to PhishingandPharming (20)

Phishers
PhishersPhishers
Phishers
 
Phishing
PhishingPhishing
Phishing
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOU
 
Phishing
PhishingPhishing
Phishing
 
IB Fraud
IB FraudIB Fraud
IB Fraud
 
Is this a scam.pdf
Is this a scam.pdfIs this a scam.pdf
Is this a scam.pdf
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
 
Internet scams
Internet scamsInternet scams
Internet scams
 
Id Theft
Id TheftId Theft
Id Theft
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
3 pervasive phishing scams
3 pervasive phishing scams3 pervasive phishing scams
3 pervasive phishing scams
 
Phishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdfPhishing & Pharming Explained.pdf
Phishing & Pharming Explained.pdf
 
Internet Fraud
Internet FraudInternet Fraud
Internet Fraud
 
How to Prevent ID Theft
How to Prevent ID TheftHow to Prevent ID Theft
How to Prevent ID Theft
 
Phish Phry- Analysis paper
Phish Phry- Analysis paper Phish Phry- Analysis paper
Phish Phry- Analysis paper
 
Identity Theft: Evolving with Technology
Identity Theft: Evolving with TechnologyIdentity Theft: Evolving with Technology
Identity Theft: Evolving with Technology
 
Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp. Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
Online Fraud and Identity Theft: Transact Safely - Symantec Corp.
 
Cyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_FinalCyber Crime Campain Messages_Poster_Final
Cyber Crime Campain Messages_Poster_Final
 
Phishing
PhishingPhishing
Phishing
 

PhishingandPharming

  • 1. Helping Consumers Avoid Internet Fraud PHISHING & PHARMING http://www.bankonline.com/checking http://www.bankonline.com/checking http://www.bankonline.com/checking Federal Reserve Bank of Boston
  • 2. Gone are the days when we had to step outside to purchase our groceries, book flights and vacations, rent or purchase cars, or just transfer money between bank accounts. Today, we can simply grab our checkbooks, debit cards or credit cards, sit down at a computer in the comfort and safety of our home, and complete these transactions with passwords and PIN numbers. Thanks to advances in technology, the types of transactions we can now complete online are virtually endless. Unfortunately, the increase in online transactions has been accompanied by an increase in online identity theft. Fraudulent access to personal information over the Internet is increasingly prevalent and sophisticated. Two forms of identity theft are at the forefront of this Internet piracy: PHISHING and PHARMING. http://www.bankonline.comgo
  • 3. Alice Jackson34 Rosemary St.Jamaica Plain, MA 02130 The United States of America 1 11 1Federal Reserve Note 50 50 50 50 Bank Card Debit Card Notes Credit Card Dollars Pay to the Order of: Identity theft is a federal crime. It occurs when one person’s identification (which can include name, social security number, bank account number, or any other account number) is used or transferred by another person for unlawful activities. PHISHING is a form of online identity theft that lures consumers into divulging their personal financial information to fraudulent web sites, also known as spoofed web sites. For example, the phisher sends an email message to an unsuspecting victim instructing him to click on the link to a bank’s web site (provided in the email) to confirm his account information. Unbeknownst to the consumer, the web site is a convincing fake or copy of the authentic web site. The unsuspecting customer takes the bait and provides the information, thereby enabling the phisher to steal his personal THE CRIME
  • 4. http://www.bankonline.com/checking financial information. The phisher can then use this information to clean out the victim’s bank accounts or commit other forms of identity theft. PHARMING is similar to phishing but more sophisticated. Pharmers also send emails. The consumer, however, can be duped by the pharmer without even opening an email attachment. The consumer compromises his personal financial information simply by opening the email message. The pharming email message contains a virus (or Trojan horse) that installs a small software program on the user’s computer. Subsequently, when the consumer tries to visit an official web site, the pharmer’s software program redirects the browser to the pharmer’s fake version of the web site. In this way, the pharmer is able to capture the personal financial information
  • 5. THE SOLUTION that the consumer enters into the counterfeit web site, and the consumer’s account is again compromised. The latest form of pharming does not require email at all. Password- stealing Trojan horses can attack through Microsoft Messenger® where keyloggers are run. Keyloggers are viruses that track a user’s keystrokes on legitimate sites and steal passwords, allowing a thief to have access to a consumer’s password for future fraudulent transactions. Consumer awareness is the key to avoid falling prey to phishers and pharmers. Ask representatives of your financial institution if they have implemented any special software to thwart off these identity thieves. Inquire as to whether your home PC software provider http://www.bankonline.com/checking
  • 6. offers any updated anti-phishing programs. In addition, the Anti- Phishing Working Group (an association focused on eliminating the fraud and identity theft that result from phishing, pharming, and email spoofing) offers the following suggestions to avoid falling victim to an Internet scheme: • Be suspicious of any email with urgent requests for personal financial information. • Do not use the links in an email to get to any web page. • Avoid completing forms in email messages that ask for personal financial information. • Be sure to use a secure web site when submitting credit card or other sensitive information via the web browser. • Consider installing a web browser tool bar for protection from known phishing fraud web sites. http://www.bankonline.com/checking
  • 7. • Regularly log on to online accounts. • Regularly check bank, credit card, and debit card statements to ensure all transactions are legitimate. • Make sure your browser is up to date and security patches are applied. Be vigilant about protecting yourself from these newer forms of identity theft. When turning on your home com- puter to complete seemingly simple transactions, keep your eyes and ears open to avoid financial and emotional distress. If you have received a spoofed email message or believe that you have been a victim of phishing or pharming, there are steps you can take to help shut down the phisher, pharmer, or spoofer: • Forward the email to the Federal Trade Commission at spam@uce.gov • Forward the email to the “abuse” email address at the company that is being spoofed (e.g. spoof@ebay.com ) • Notify the Internet Fraud Complaint Center (IFCC) of the FBI by filing a complaint on the IFCC’s web site: www.ifccfbi.gov When forwarding email, always include the entire original email. For more information, including a brochure on Identity Theft, see http://www.bos.frb.org/consumer. An article on Phishing and Pharming appears at http://www.bos.frb. org/commdev/c&b/2005/fall/phishpharm.pdf.
  • 8. Sources US Netizen (2005), “A New Security Threat – Pharming,” http://www.usnetizen.com/articles/pharming.html Jane Larson, “ ‘Pharmers’ hit online bank users with fraud scam,” The Arizona Republic, April 26, 2005. For more information, visit www.antiphishing.org/consumer_recs.html Written by Dawn Hicks. Illustrations by Nina Frenkel.